package SPRING_AUTHC_ABSENT;

import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

public class Vulnerable {
    @Configuration
    @EnableWebSecurity
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {

            http.authorizeRequests()
                    .antMatchers(HttpMethod.POST,"/version ").hasAnyRole("ADMIN","USER")
                    .antMatchers(HttpMethod.POST,"/api-docs ").anonymous()
                    .antMatchers(HttpMethod.PUT,"/profile").authenticated()
                    .and().httpBasic();
        }
}}
